Usbkill Script Can Render Computers Useless

The idea of needing to disable a computer quickly as the police–or another potential adversary–comes through the door typically has been the concern of criminals. But in today’s climate, activists, journalists, and others may find themselves wanting to make their laptops unusable in short order, and that’s where usbkill comes in.

The new tool is a small Python script that users can download and run on any machine. The script then will monitor the machine for any changes in state on the USB ports, like when someone removes or plugs in a USB drive. If a state change is detected, the usbkill script then will disable the machine immediately.
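
The monitoring described above comes down to comparing two snapshots of the attached USB devices. The sketch below is an added illustration, not usbkill's own code; the lsusb-style input, the constructed sample listings, the function names and the allowlist parameter are assumptions of this example, and the shutdown action is left to the caller.

```python
import re
from collections import Counter

# Matches the "ID vendor:product" field of an lsusb-style line.
LSUSB_ID = re.compile(r"\bID ([0-9a-fA-F]{4}):([0-9a-fA-F]{4})\b")

# Constructed sample listings (not captured from a real machine).
BASELINE = """\
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 004: ID 1234:abcd Constructed lanyard key
"""
KEY_PULLED = """\
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
"""
STICK_ADDED = BASELINE + "Bus 001 Device 005: ID 5678:0001 Constructed flash drive\n"


def snapshot(listing):
    """Count vendor:product IDs in lsusb-style text.

    A Counter (not a set) is used so that a second device with the
    same ID as one already attached still registers as a change.
    """
    ids = Counter()
    for line in listing.splitlines():
        match = LSUSB_ID.search(line)
        if match:
            ids[f"{match.group(1)}:{match.group(2)}".lower()] += 1
    return ids


def usb_changes(before, after):
    """Return (added, removed) Counters between two snapshots."""
    return after - before, before - after


def should_trigger(before, after, allowlist=frozenset()):
    """Decide whether a port-state change should fire the kill action.

    Any removal fires, which is what makes a key on a wrist lanyard work.
    An insertion fires unless its ID is in the (hypothetical) allowlist.
    """
    added, removed = usb_changes(before, after)
    if removed:
        return True
    return any(device not in allowlist for device in added)


if __name__ == "__main__":
    base = snapshot(BASELINE)
    print("key pulled  ->", should_trigger(base, snapshot(KEY_PULLED)))
    print("stick added ->", should_trigger(base, snapshot(STICK_ADDED)))
```

Vendor and product IDs are reported by the device itself, so an allowlist keyed on them identifies a device but does not authenticate it.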

A developer who uses the name Hephaest0s released usbkill on GitHub recently, and the tool could have a wide range of uses, especially for anti-forensics applications. The usbkill script could effectively prevent analysis of a machine. In an email, the developer said usbkill is designed for some specific threats.

“Usbkill keeps watch on the computer’s usb ports, and if any change is observed it will shut down (kill) the computer. This means that if you add or remove a usb drive, the computer (running usbkill) will immediately crash,” Hephaest0s said.

“For additional security one might attach a usb key to one’s wrist (using a lace) and plug it into the computer, to start the usbkill program after the usb is inserted. If your computer is forcefully removed from you, the usb attached to your wrist will likely be removed from your computer, killing it. This essentially means you have a usb-dead-switch for your computer.”

The usbkill script has anti-theft, as well as anti-forensics, applications.

“In case the police come busting in, or steal your laptop from you when you are at a public library. The police will use a ‘mouse jiggler’ to keep the screensaver and sleep mode from activating. If this happens you would like your computer to shut down immediately,” Hephaest0s wrote in the documentation for the usbkill script.

The possibility of needing to protect against forensic examination of a laptop has become quite real in recent years for many people. Security researchers, political activists, journalists, and many others can find themselves subject to laptop seizures or searches at various times. Depending on the country, legal issues could arise from using a tool to modify a machine to prevent forensic search, but for users who are mainly worried about theft, usbkill is a new option to make laptops useless to potential thieves.

“In case of false alarm you’d like to recover your files. This is not a problem as any files you saved on your computer will still be there once you re-start your computer. But, unsaved changes remain lost. Do note that your hard drive should be encrypted when using usbkill. Hard drive encryption can easily be turned on using, amongst other alternatives, windows bitlocker, apple filevault or linux luks,” Hephaest0s said by email.

In addition to usbkill, Hephaest0s has several other projects on GitHub, including a password strengthener.

Discussion

  • Dr. Hilliard Haliard on

    "Hey, can I borrow your USB stick for just a minute, got a file I wanna give you... OOPS." "Hey, I got some new cat pictures, let me just plug this in and copy them over for you... OOPS."
  • Chris on

    yeah, but, how fast does this shutdown? I mean it's going to save at least something. And I don't really see how this'll help in the long run with forensic analysis. "gee wiz he shut his PC down, all the stuff not saved and in memory is gone, awe shucks, but look at all this saved stuff!".
    • George on

      I think you may be mis-reading something. The computer gets turned off as if you told it to shutdown. That's why they say you need to make sure your hard drive is encrypted, otherwise it's not that useful. The script doesn't save anything.
  • Olivier on

    I think he should have made it in such a way that it reacts only to a specific USB drive which has been set up for the purpose, otherwise anybody can mess up your laptop using any USB drive!